not sure why you deem it necessary to point it out in this specific context, anyway yes, depending on system setup this definitely could show a warning
Did they run it with no-preserve-root? Is Kali so old it doesn’t have they protection? Did they just see the command in history on a perfectly fine system, and decide never to hire on that basis?
Hey, I know that princesses are ofter schooled in etiquette more than they get real education. unixqueen might not know shit about Unix / Linux. I find this completely believable, like how Queen Elizabeth didn’t know dick about math.
Did they execute the command on localhost or the remote? Because hey if they had privileges to root-nuke the target that’s gotta count for something right? Lmao
Same. I was working on a help desk years ago helping another agent with a call where the customer was being ignorant and I sent him a message that said something like “does he want us to wipe his ass for him too?” (Not that exactly but in the context of the situation it would have been similarly insulting). Next reply I get from the other agent was “he said no”.
I’ve seen frustrated senior start writing this. Sometimes it’s just a different state of mind that pushes us over critical thinking edge into the void.
I mean… it’s the best way to learn by being stupid and doing mistakes, but truly some mistakes are too much damage and does not help to learn or if we talk about other jobs can kill somebody.
I managed a homework help chatroom for EEs. One of them got a PI and was so happy. Another person suggested that they run that command. Later on the other person claimed they didn’t expect it to work.
It took me and another mod way too long to help the other guy fix his PI. Wasn’t really happy about it. The new rule I came up with was if you must must make a joke do something harmless like “touch /this” and reference MC Hammer.
How are you supposed to fine 7 vulernabilities in an hour anyways? No way they expect the applicant to actually find vulernabilities right? So you need to memorize a bunch and see if they are present, which doesn’t achieve anything other than testing your memorization abilities
It’s going to be a system set up with known vulnerabilities that should be easy to locate using common tools already installed on Kali; a real world scenario should (at least in theory) not be that simple, but in a capture the flag pentest environment, that’s pretty normal
You can see that the first machine is at /dvwa which is the Damn Vulnerable Web Application and is made for practicing hacking. If you have a basic understanding of the vulnerabilities there finding 7 of them is easy peasy.
Using Kali? Easy if you have training. The capstone for our security course a decade ago was too find and exploit 5 remote machines (4 on the same network, 1 was on a second network only one of the machines had access to) in an hour with Kali. I found all 5 but could only exploit 3 of them. If I didn’t have to exploit any of them 7 would be reasonably easy to find.
Kali basically has a library of known exploits and you just run the scanner on a target.
This isn’t novel exploit discovery. This is “which of these 10 windows machines hasn’t been updated in 3 years?”
Just saying that running automated tools and identifying those vulnerabilities is just the first step to learning hacking, but nothing more. To gain a proper understanding you must be able to find vulnerabilities manually or at least understand a certain exploit such as ETERNALBLUE which you won’t really look for manually.
Depending on the pay, that’s a nice little scam for someone.
When I was in my mid 20s, the only jobs nearby were basic retail work, and mostly part time. As you can probably imagine, the pay wasn’t great. If remote work had been available then, I could see me being tempted to try this, even if it was just to tide me over for a while.
I’m the kind of person who hates not being able to do something, so I’d probably burn myself out trying to learn how to do the job in between working it, but it would still be tempting.
Back when I still used Reddit, so many posts were just CS students trying to get other Redditors to do their homework for them. I don’t think I ever came across any technical interview cheaters, but I’m sure there were some.
I remember one interview I had with a candidate. It was for a database analyst position that required SQL.
The first round was typically a phone screen where I chat with the candidate, get to know them a bit.
Second round was code review. I asked them to do a SQL query that did x.
The queries were simple. The goal was to get the candidate to walk through the query.
I had one candid that, over screen share, wrote the query flawlessly. Then I asked them to explain what it was doing. The candidate froze.
I can get understand getting nervous so I moved onto an insert statement. I had them write one and then do another without using certain terms (often leading to a sub query).
Again, flawless. I asked what situations would you use one over the other.
Again, they froze. I started to get suspicious that they were cheating and had them, instead of typing the answer, say the answer. When they couldn’t, I knew enough that it wasn’t going to work.
I could freeze like that because of being only shy/nervous, just saying. Over things I knew.
Say, “what it does” may bear different weight when you are autistic. You try to grasp the thing from iron to logic to computers to B-trees to database itself etc.
To know that you only have to say a simple thing also requires experience which juniors may not have.
I wonder why people do this. You wouldn’t apply to a welding job if you can’t weld. Why so many people apply to programming positions if they can’t actually code (or a database analyst position without knowing SQL)?
Some people seem to think you can just Google stuff or more recently use AI to do the coding, not knowing that being a dev is mostly about knowing what to search and that being a dev isn’t just coding.
Some people seem to think you can just Google stuff
If you are a junior sysadmin - sure as hell you can and you will. Not everything has good manpages. Not every configuration of something is trivial to imagine, and it is useful to see what somebody else did.
I mean, Google and AI can be really helpful, but you should be able to do stuff without it. Google won’t help you if you have a problem with a customer/company specific problem that requires knowledge about the whole technical infrastructure.
My current job just hired someone as a senior Salesforce admin with a bunch of certs who in reality lacks any Salesforce skills at all. He’s been here for 6 months now and is really just dead weight on the team, but the only reason he hasnt been let go yet is because middle managent above him has its own host of issues, and the only reason he’s on thin ice is because of some of my team has been very loudly forwarding complaints against him up the chain and clearly communicating that he’s not showing the competencies that are required for the role and that he claimed to have. I give it another 6-12 months before he either gets fired or bounces
A lot of the time I find “spot the bug” questions to be more informative, especially for junior roles. We stopped asking fizz-buzz - just about everyone has heard of it by now and it’s pretty easy to just rote learn a solution. Instead we give them the spec for fizz-buzz and a deliberately broken implementation and ask them to fix it. If they get flustered, just asking “what does this program output” usually give a pretty clear indication if they can reason about code in a systematic way.
That’s fine if there are no weird pedantic ropes to fall over. I am not a compiler or linker, that’s what I have compilers and linkers for. Same with an IDE. I don’t know many details of the stdlib or other common libs, because why should I waste space in my brain for stuff code completion can show me…
The kind of bugs I’m talking about are things like “the logical flow of the code is broken because the order of the if/else if/else branches is wrong”, “this program never finishes because you don’t increment that counter” and “you specified print the numbers 1 to 100, but that counter starts at 0”.
I’m testing your ability to think logically, not your knowledge of stdlib trivia
No, that approach is completely fine even if pedantic because you get the candidate to reason about their choices and their approach which tells you so much more about them than rote memorization. Being pedantic is the whole point of it.
That’s likely not what I mean by pedantic. If your code example has syntactic errors or calls functions with not enough or too many parameters and you expect them to notice, you want them to do, what a compiler does or to know technical documentation by heart. Which is completely academic and pointless.
Concentrating on “algorithmic” solution at hand is fine, though. Unless you again expect them to recognize stuff like “hey this is almost Dijkstra’s algorithm but wrong”, because the interview should not be a university computer science test.
If you absolutely need to delete anything and everything, just use the command:
rm -rf
That combines the -f flag, which forces deletion, with the -r flag, which will delete folders recursively. We previously included the -v argument (to make it verbose), but it isn’t necessary. Just keep in mind that this is basically the nuclear option, and you shouldn’t use it unless you’re absolutely sure you want something gone forever.
Add comment